Data Protection
Data Protection Notice
At MyMax, protecting your personal information, such as your name, phone number, and email or IP address (referred to as "personal data"), is of paramount importance to us. We operate this website and the services offered on it in accordance with applicable data protection laws, particularly the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Below, we explain how we handle your personal data in this context.
​
1. Who is Responsible? Who is the Data Protection Officer?
​
The entity responsible for this website is GreenRhino UG, the parent company of MyMax, located at Ringelnatzweg 182256 Fürstenfeldbruck. You can contact us via info@mymax.online.
​
For data protection inquiries, you can reach our Data Protection Officer:
Sven Dunker
Ringelnatzweg 1
82256 Fürstenfeldbruck
Email: svendunker@mymax.online
​​
​
​
2. How Do We Handle Your Personal Data?
​
2.1 When You Use Our Website, Web Application, or Mobile App​
To provide our website, web application, and mobile app, we must process certain personal data, such as your IP address. This processing is essential for displaying content (including its functionalities) and for implementing IT security measures.
​
When you download our mobile app or use our web application, we may also process the personal data you provide during registration or while using the services, such as user preferences and activity logs, to improve your experience and ensure the app functions correctly. You can also contact us via our contact form. In this case, we process the personal data you provide in the contact form.
​
​
2.1.1 Legal Basis
We process your personal data to provide this website, web application, and mobile app, and to communicate with you, based on our legitimate interest. Certain personal data (e.g., IP address) must be processed for the technical operation of our services and for responding to your inquiries.
​
​
2.1.2 Balancing Interests
In the required balancing of interests, we have weighed your confidentiality against our interest in providing these services and the ability to communicate with you. Your confidentiality interest is secondary in this context, as we could not otherwise provide these services or respond to your inquiries.
​
​
2.1.3 Categories of Recipients
We use service providers to operate our website, web application, and mobile app. We transfer personal data to these service providers, who are contractually obligated to handle personal data with the same care as we do.
​
​
2.2 When You Follow Us on Social Media Platforms
You can follow us on social media platforms like Facebook, LinkedIn, or XING. We process personal data you provide or that the platform operator makes available to us. You can manage your privacy settings directly on the social media platform.
​
​
2.2.1 Legal Basis
We process your personal data as part of our social media offerings based on our legitimate interest under Article 6(1)(f) GDPR. This processing is technically necessary for providing our social media services, including processing data such as your IP address or data provided by the platform operator.
​
​
2.2.2 Categories of Recipients
We use service providers to manage our social media offerings. Data provided to us via social media will also be shared with the respective platform operators.
​
​
2.3 When You Visit Our Website with Embedded YouTube Videos
We use YouTube to embed videos on some of our web pages. YouTube is operated by YouTube LLC, based in 901 Cherry Avenue, San Bruno, CA 94066, USA, and represented by Google.
When you visit a page with a YouTube plugin, a connection is made to YouTube's servers, informing them of the pages you have visited. If you're logged into YouTube, this information is linked to your personal account. You can prevent this by logging out of your YouTube account before using our website and clearing relevant cookies.
​
For more information about data processing by YouTube (Google), please visit: Google Privacy Policy.
​
​
2.3.1 Legal Basis
We process your personal data to provide these videos based on our legitimate interest. Certain personal data (e.g., IP address) must be processed to display these videos.
​
​
2.3.2 Balancing Interests
We have balanced your confidentiality interest against our interest in providing these videos. Your confidentiality interest is secondary in this context, as we could not otherwise provide these videos.
​
​
2.4 When You Apply for a Job with Us
You can apply for a job via our website. We process the personal data you provide as part of your application to initiate, execute, and fulfill the relevant contract.
​
​
2.5 Use of Google reCAPTCHA
We use Google reCAPTCHA, a service provided by Google Inc., to prevent unauthorized, automated sign-ups.
​
2.5.1 Legal Basis
We process your personal data to verify whether a sign-up is unauthorized based on our legitimate interest. This requires processing certain personal data (e.g., IP address).
​
2.5.2 Balancing Interests
We have weighed your confidentiality interest against our interest in performing this verification. Your confidentiality interest is secondary in this context, as we could not otherwise provide this website.
​
2.5.3 Categories of Recipients
By submitting the reCAPTCHA input, data is transmitted to Google for the necessary verification.
For more information about Google's services, please visit: Google Privacy Policy.
​
​
2.6 Use of Cookies/Identifiers and Analysis Tools
We do not use any cookies, identifiers, or analysis tools on our website.
​
​
3. How Long Do We Store Your Personal Data?
We delete your personal data when the purpose for storing it no longer applies, and no legal requirements (e.g., retention obligations under tax or commercial law) mandate its retention. If deletion is not possible in individual cases, the processing of data will be restricted.
​
Additionally, storage duration may depend on statutory limitation periods.
​
​
4. What Are Your Rights?
For exercising your rights or withdrawing your consent, please contact us using the above contact information.
​
a) You have the right to request information about all personal data we process about you at any time.
b) If your personal data is incorrect or incomplete, you have the right to request correction or completion.
c) You can request the deletion of your personal data unless we are legally obliged or entitled to continue processing it.
d) Under certain legal conditions, you can request the restriction of the processing of your personal data.
e) You have the right to object to the processing of your personal data for direct marketing or profiling purposes. If processing is based on a balancing of interests, you may object to it by stating reasons related to your particular situation.
f) If the data processing is based on your consent or is necessary for the performance of a contract, you have the right to request the transfer of the data you provided, as long as this does not affect the rights and freedoms of others.
g) If we process your data based on consent, you have the right to withdraw your consent at any time with future effect. The processing that occurred before the withdrawal remains unaffected.
h) You also have the right to file a complaint with a data protection supervisory authority if you believe that data processing violates applicable law.
We will inform all recipients to whom we have disclosed your personal data about any correction or deletion of your data or restriction of its processing unless this proves impossible or involves disproportionate effort. We will inform you about the relevant recipients upon request.
​
​
5. Do We Create Automatic Profiles?
We do not create automatic profiles.
​
​
6. Data Transfer to Third Countries
In some cases, personal data is transferred to recipients in third countries (see the relevant note in our data protection notices). Third countries are countries outside the EU and the EEA, including the USA.
The USA does not have a comparable level of data protection to Europe. In particular, it is possible for state authorities to access personal data without our or your knowledge. Legal recourse may be limited in these cases.
​
The legal basis for such data transfer is generally your consent (Art. 49(1)(a) GDPR), the fulfillment of a contract (Art. 49(1)(b) GDPR), or the use of EU Standard Contractual Clauses (Art. 46(2)(c) GDPR), which can be accessed here: EU Standard Contractual Clauses.
​
​
7. Data Security
We implement appropriate technical and organizational security measures to protect the personal data we process against accidental or intentional manipulation, loss, destruction, or unauthorized access.
These measures ensure the confidentiality of your personal data and protect it from tampering, loss, and destruction. The storage and disclosure of personal data are subject to strict security procedures. Our staff is trained in data protection law and only access personal data as necessary.